Bug 1347240

Summary: Tomcat 7.0.68 on EPEL6 to fix CVE-2015-5345
Product: [Fedora] Fedora EPEL
Reporter: Patrick van Staveren <trick>
Component: tomcat
Assignee: Ivan Afonichev <ivan.afonichev>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: el6
CC: alee, coolsvap, csutherl, ivan.afonichev
Hardware: All   
OS: Linux   
Last Closed: 2016-07-01 12:03:26 UTC
Type: Bug
Bug Blocks: 1311089    

Description Patrick van Staveren 2016-06-16 11:23:50 UTC
Hello,

We're looking to upgrade some of our EL6 machines to mitigate CVE-2015-5345.  It looks like the bump from 7.0.65 -> 7.0.68 has already been pushed to Fedora 22 and 23 a few months back [1], but not to EPEL6 yet.

Is it possible to build it up?  We'd be happy to test & validate it on some live systems which rely on it.

1: https://bodhi.fedoraproject.org/updates/FEDORA-2016-e6651efbaf

Let me know if there's anything I can do to help.

Comment 1 Coty Sutherland 2016-06-16 14:12:25 UTC
I just rebased some other things yesterday, so this was pretty easy. Here's my proposal:

https://github.com/csutherl/fedora-tomcat/commit/dbd0764

Comment 2 Coty Sutherland 2016-06-20 19:00:59 UTC
This should be POST instead of MODIFIED.

Comment 3 Coty Sutherland 2016-07-01 12:03:26 UTC
Given that there are other CVEs that would be fixed by a rebase I opened a new bug to include them all rather than dealing with each one individually. Please see bug 1352009 for more details.

*** This bug has been marked as a duplicate of bug 1352009 ***